Lucene search
K

64 matches found

NVD
NVD
added 2026/07/01 3:17 p.m.9 views

CVE-2026-23537

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS0.00568EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/01 1:49 p.m.6 views

CVE-2026-23537 Feast: unauthenticated arbitrary file write

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS6.2AI score0.00568EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 1:49 p.m.32 views

CVE-2026-23537 Feast: unauthenticated arbitrary file write

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS0.00568EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54710

Name of the Vulnerable Software and Affected Versions Feast Feature Server affected versions not specified Description An unauthenticated remote attacker can write arbitrary JSON files to the server filesystem via the /save-document endpoint. The issue stems from improper input validation that...

9.1CVSS6.5AI score0.00568EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/06/25 7:51 a.m.9 views

CVE-2026-56121

A flaw was found in Feast. This vulnerability allows unauthenticated or unauthorized attackers to achieve remote code execution. By sending a specially crafted gRPC request to the registry server, attackers can exploit an unsafe deserialization process. This enables them to execute operating syst...

9.8CVSS6.3AI score0.00862EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/24 6:32 p.m.6 views

EUVD-2026-38801

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...

9.8CVSS6.8AI score0.00862EPSS
Exploits1References5
Snyk
Snyk
added 2026/06/24 4:16 p.m.6 views

Deserialization of Untrusted Data

Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the ApplyFeatureView handler of registryserver.py, which calls FeatureView.fromproto and deserializes the feature view's embedded user-defined function before the appl...

9.8CVSS6.2AI score0.00862EPSS
Exploits1References2
NVD
NVD
added 2026/06/24 4:16 p.m.7 views

CVE-2026-56121

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...

9.8CVSS0.00862EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/06/24 2:49 p.m.6 views

CVE-2026-56121

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...

9.8CVSS6.8AI score0.00862EPSS
Exploits1References5
CVE
CVE
added 2026/06/24 2:49 p.m.19 views

CVE-2026-56121

Feast

9.8CVSS6.8AI score0.00862EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/06/24 2:49 p.m.16 views

CVE-2026-56121 Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...

9.8CVSS6.8AI score0.00862EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.19 views

PT-2026-51837

Name of the Vulnerable Software and Affected Versions Feast versions prior to 0.63.0 Description An unsafe deserialization issue exists in the registry server that allows unauthenticated or unauthorized attackers to achieve remote code execution. By sending a crafted gRPC request, an attacker can...

9.8CVSS6.3AI score0.00862EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2026/03/20 10:20 p.m.4 views

CVE-2026-23537

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS6AI score0.00568EPSS
Exploits0References3
NVD
NVD
added 2026/03/20 10:16 p.m.9 views

CVE-2026-23536

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

7.5CVSS0.00594EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/20 9:58 p.m.4 views

CVE-2026-23536 Feast: unauthenticated arbitrary file read

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

7.5CVSS5.9AI score0.00594EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 9:58 p.m.3 views

CVE-2026-23536

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

7.5CVSS5.9AI score0.00594EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/20 9:58 p.m.4 views

CVE-2026-23538

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...

7.5CVSS5.7AI score
Exploits0References3
Cvelist
Cvelist
added 2026/03/20 9:58 p.m.29 views

CVE-2026-23536 Feast: unauthenticated arbitrary file read

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

7.5CVSS0.00594EPSS
Exploits0References2
CVE
CVE
added 2026/03/20 9:58 p.m.11 views

CVE-2026-23536

The CVE-2026-23536 issue affects Feast Feature Server, specifically the /read-document endpoint, allowing an unauthenticated remote attacker to read any file accessible to the server process. The root cause is a bypass of access restrictions via a crafted HTTP POST request, enabling potential exp...

7.5CVSS5.9AI score0.00594EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/20 9:58 p.m.5 views

CVE-2026-23536

A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...

7.5CVSS5.8AI score0.00594EPSS
Exploits0References3
Rows per page
Query Builder